Searching Kubernetes Logs Without A Logging Platform

Searching through pod logs on Kubernetes can be more challenging without a centralized logging platform like Datadog or Splunk.

Here’s how you can do it with kubectl and grep.

You can use kubectl to get logs for multiple containers by using their label:

kubectl logs -n kube-system -l k8s-app=kube-dns

To search the logs, just pipe it to grep:

kubectl logs -n kube-system -l k8s-app=kube-dns | grep -i "error"

If you would like to get a live tail and follow the logs, you can use the -f flag:

kubectl logs -f -n kube-system -l k8s-app=kube-dns

Then, you can pipe it into grep with --line-buffered for continuous output:

kubectl logs -f -n kube-system -l k8s-app=kube-dns | grep --line-buffered -i "error"

Note that there’s a default limit of 5 containers when using the follow flag -f.

You can get around this by setting --max-log-requests=<n>, where n is the number of containers you’d like to follow logs for.